similar to: Multiple ISPs: How to force $FW traffic to a specific ISP (reprise)

Hi folks Im currently doin firewall project.. the scenario is like this.. my application server open port number 3079 the server ip is 202.188.0.132. and now the port can be accessed from everywhere. Now i want to block all the everywhere accessed. But my problem is, the application will be accessed by few locations that doing transaction with the application server. and the said locations are

We had a running ipsec shorewall system to all of our remote offices. We added a dmz to the firewall and implemented proxy arp for that dmz. We have checked everything two or three times and cannot figure out why the vpns will no longer come up. We are using shorewall version 2.2.3 from the debian stable sarge distribution. We noticed the errata that for 2.0.0 there was a problem with proxy

Hi all well im using two interfaces.. e.g: eth0:202.188.9.2 is WAN and eth1;192.168.1.1 is LAN.. when im in LAN let say from 192.168.1.9 i cant open WAN IP address e.g: 202.188.9.2 .. why? how to set this?... i only can open 192.168.1.1 .. if possible i want to have both accessable.. thanks rgds amir

I want to build a robust firewall for a resort installation. The resort''s telephony is entirely VOIP, asterisk based. We have the following internet feeds: 1) 512/512 kb fixed bandwidth leased line with static IP from Telco- primary connection, expensive, to use for VOIP, VPN traffic, mail server, SSH access for remote work. Reliable. 2) 256/512 kb ADSL from Telco, not fixed IP -

Hello Everyone! I am using shorewall-3.0.5 on suse linux. Recently we have implemented dansguardian running on 8080 and squid on port 3128. Previously (before dans guardian) masquerading was working fine but after the implementation of dansguardian masquerading is not working. My rules file has entry Previous entry was ACCEPT loc:192.192.192.3 net REDIRECT loc 8080 tcp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Shorewall-3.0.3 RH9 (+legacy updates) eth0: loc: 192.168.1.0/24 eth0:0: loc: 192.168.20.0/24 eth1:: 69.70.32.8/29 I''m worked all day on an issue I found today and I just can''t find a way to fix my problem. So, basically, for now, my network looks like this: Internet ^ | (69.70.32.8/29) Firewall 192.168.1.1

Greetings all, I have just install Shorewall on a Debian system and I''m using it as a firewall on an internal network. The specifics of the system are as follows: firewall:/var/log# shorewall version 3.0.4 firewall:/var/log# uname -a Linux firewall 2.6.12-1-386 #1 Tue Sep 27 12:41:08 JST 2005 i586 GNU/Linux Shorewall start successfully and $FW can connect to the Internet for upgrading

Hi All, I''m using Shorewall 3.0.4 and I''m wondering if it is possible to do traffic shapping on only one interface from a bridge. The firewall has got 3 NIC, eth0, eth1, eth2. eth0 and eth2 are bridged, but if I''m right, when you specify a traffic rate for a link, you do it for the interface. In my case, eth0 and eth2 do not appear in the interface file, but it is

Rene apparently believes that I run a personal consulting service. I don''t -- here is the response to my last post. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Mike Lander wrote: > I am building a shorewall box that the last post has the SSH error and > wanted > some feedback from the list if possible. At first I thought the two ISP''s > I > building this > for had two T-1''s with FQ ip''s as it. I have the box built for this ready > to > go. > Now I find out that one of the T-1''s is

Hi all, I''m trying to set up a transparent proxy with dansguardian, and running into some strange issues with the squid setup without dansguardian. I have used shorewall for quite some time, and I''m stumped as to why I can''t get this to work. Here is a brief synopsis of my network. loc --> gateway/firewall--> net I have the following policies: #firewall to

Hello, We have a video conference server using tcp and udp 3001 prot in internal, external user said that can''t connect to video server and held on 3001 fail, the following is file configuration, nat: 1.2.3.4 eth1:3 192.168.0.18 rule: video/ACCEPT net loc:192.168.0.18 marco.video: PARAM - - tcp 3000 PARAM - -

Good morning, We''ve been testing PE and beginning developing modules for our infrastructure. One of the modules I''m looking to create is an installation for Splunk, with the primary focus at this time, on the Forwarder. I already have the splunkforwarder-5.0.1-143156-linux-2.6-amd64.deb package being fetched from the Master and also performing the installation via dpkg. I

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized

RC 3 is now available for testing. Problems corrected: 1) The Shorewall and Shorewall6 ''load'' and ''reload'' commands previously used the setting of RSH_COMMAND and RCP_COMMAND from /etc/shorewall/shorewall.conf (/etc/shorewall6/shorewall6.conf). These commands now use the .conf file in the current working directory. 2) The new parameterized

Guys, Just a quick check. From what i have read in the shorewall site, intrazone traffic is allowed completely by shorewall i.e. there is no filtering or packet size limiting ,etc,etc. I ask this becos after getting shorewall up and running well, someone has complained that they cannot print pdf files larger than 100k at one go but that they have to print one page at a time. Some details;

Shorewall 3.4.6 running on SuSE Linux 10.2 Compiling Rule Activation... Shorewall configuration compiled to /var/lib/shorewall/.restart Processing /etc/shorewall/params ... Restarting Shorewall.... /sbin/shorewall: line 665: 6782 Segmentation fault $SHOREWALL_SHELL ${VARDIR}/.restart $debugging restart got this with V3.4.4, updated to 3.4.6 this morning, but that didn''t help.

Hi Shorewall Users :) I have found shorewall firewall and seems to be interesting. I need to setup a configuration my my network users because i only have 50gb of traffic per month. I want to know if the shorewall can make a 48gb per month limit, but everyday from 1:30 PM do 8:30 AM (happy hour ) the traffic doesnt count. Can shorewall do that ? -- Sem Mais Rui Oliveira 351 - Portugal

Hi. What system or software are you using to show the iptables log files (for example the dropped packages tagged as LOG in the Shorewall rules)? Thank you very much! Bye. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files

Hi, I''ve to restart shorewall when my dynamic IP was changed from my ISP. Of course i can with a shell script do it automatically, but the question is still there.. why ? mess-mate -- "I understand this is your first dead client," Sabian was saying. The absurdity of the statement made me want to laugh but they don''t call me Deadpan